PT-2025-50321 · Microsoft+1 · Active Directory+1

Published: 2025-12-10 · Updated: 2025-12-10 · CVE-2025-13953

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: GTT Tax Information System (affected versions not specified)

Description: The GTT Tax Information System application contains a bypass in its authentication method, specifically related to Active Directory (LDAP) login. Authentication is conducted via a local WebSocket, but the application does not validate the authenticity or origin of the received data. This allows an attacker with local machine or internal network access to impersonate the legitimate WebSocket and inject manipulated information. Successful exploitation enables an attacker to authenticate as any user in the domain without valid credentials, potentially compromising the confidentiality, integrity, and availability of the application and its data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
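
The missing control named in the description is validation of the data received over the local WebSocket. The Python sketch below is an added example, not code from the vendor or from this advisory: it shows a backend accepting a login result only when it carries a valid MAC, the nonce the backend issued for that attempt, and a fresh timestamp. The key placement, the field names (`user`, `nonce`, `iat`) and the 30-second window are assumptions, and all inputs are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: key shared only by the backend and the component that performed
# the directory bind; it is never stored on the client workstation.
KEY = secrets.token_bytes(32)
MAX_AGE_S = 30  # assumed freshness window

class RejectedAssertion(Exception):
    """Raised when a login result fails any authenticity check."""

def sign_assertion(user, nonce, issued_at, key=KEY):
    """Issuer side: bind user, server nonce and timestamp under one MAC."""
    body = json.dumps({"user": user, "nonce": nonce, "iat": issued_at},
                      sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_assertion(body, tag, expected_nonce, now, key=KEY):
    """Backend side: return the user only if every check passes."""
    good = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, tag):
        raise RejectedAssertion("bad MAC: message not from the trusted issuer")
    claims = json.loads(body)
    if not hmac.compare_digest(claims["nonce"], expected_nonce):
        raise RejectedAssertion("nonce mismatch: replayed or foreign session")
    if not 0 <= now - claims["iat"] <= MAX_AGE_S:
        raise RejectedAssertion("stale assertion")
    return claims["user"]

def demo():
    """Constructed inputs: one genuine message and three manipulated ones."""
    nonce, now = secrets.token_hex(16), int(time.time())
    body, tag = sign_assertion("alice", nonce, now)
    results = {"genuine": verify_assertion(body, tag, nonce, now)}
    forged = body.replace(b"alice", b"admin")  # identity changed, tag reused
    cases = {"forged": (forged, tag, nonce, now),
             "replayed": (body, tag, secrets.token_hex(16), now),
             "stale": (body, tag, nonce, now + 120)}
    for name, args in cases.items():
        try:
            results[name] = verify_assertion(*args)
        except RejectedAssertion as exc:
            results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    print(demo())
```

A check on the WebSocket handshake `Origin` header can be layered on top, but non-browser clients can set that header freely, so it does not replace the cryptographic check.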

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2025-13953

Affected Products

Active Directory
Gtt Tax Information System